authorjeh <jeh@FreeBSD.org>2000-11-01 11:59:18 +0000
committerjeh <jeh@FreeBSD.org>2000-11-01 11:59:18 +0000
commit8d68fc3632fc7cb21a93f3532191003cd83ccf48 (patch)
tree9c798de56950cadbcf94bb3553965ab8d1897864 /security/cyrus-sasl/files
parent032206df1c271325db78d0f2e89609faa8d38ca2 (diff)
- Change /var/pwcheck permissions so Postfix can use pwcheck for SASL Authentication.
- Update MySQL & LDAP Authentication Methods - Correct bento warning for extra file (Sendmail.conf). - Correct mysql detection code in configure.sasl, and use LIB_DEPENDS for db3. PR: 22462 Submitted by: Scot W. Hetzel <hetzels@westbend.net> MAINTAINER
Diffstat (limited to 'security/cyrus-sasl/files')
-rw-r--r--security/cyrus-sasl/files/patch-ai106
1 files changed, 35 insertions, 71 deletions
diff --git a/security/cyrus-sasl/files/patch-ai b/security/cyrus-sasl/files/patch-ai
index a630c2c..ea925f0 100644
--- a/security/cyrus-sasl/files/patch-ai
+++ b/security/cyrus-sasl/files/patch-ai
@@ -1,5 +1,5 @@
--- lib/checkpw.c.orig Wed Jul 19 20:24:13 2000
-+++ lib/checkpw.c Sat Sep 16 21:07:33 2000
++++ lib/checkpw.c Tue Oct 31 20:52:21 2000
@@ -95,10 +95,19 @@
#include <sys/un.h>
#ifdef HAVE_UNISTD_H
@@ -81,13 +81,14 @@
if (reply) { *reply = NULL; }
-@@ -902,6 +928,260 @@
+@@ -902,6 +928,224 @@
#endif
+#ifdef HAVE_MYSQL
+/* DMZ mysql auth 12/29/1999
+ * Updated to 1.5.24 by SWH 09/12/2000
++ * changed to malloc qbuf Simon Loader 10/21/2000
+ */
+#ifdef USE_CRYPT_PASSWORD
+#define QUERY_STRING "select %s from %s where %s = '%s' and %s = password('%s')"
@@ -105,7 +106,7 @@
+ unsigned int numrows;
+ MYSQL mysql,*sock;
+ MYSQL_RES *result;
-+ char qbuf[300];
++ char *qbuf;
+ char *db_user="",
+ *db_passwd="",
+ *db_host="",
@@ -152,9 +153,17 @@
+ return SASL_FAIL;
+ }
+ /* select DB_UIDCOL from DB_TABLE where DB_UIDCOL = 'userid' AND DB_PWCOL = password('password') */
++ if ( (qbuf = (char *)malloc(strlen(QUERY_STRING)+strlen(db_uidcol)
++ +strlen(db_table)+strlen(db_uidcol)
++ +strlen(userid)+strlen(db_pwcol)
++ +strlen(password)+1)) == NULL ) {
++ if (reply) { *reply = "cannot malloc memory for sql query"; }
++ return SASL_FAIL;
++ }
+ sprintf(qbuf,QUERY_STRING,db_uidcol,db_table,db_uidcol,userid,db_pwcol,password);
+ if (mysql_query(sock,qbuf) < 0 || !(result=mysql_store_result(sock)))
+ {
++ free(qbuf);
+ mysql_close(sock);
+ return SASL_FAIL;
+ }
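Review bot: userid and password are still formatted into QUERY_STRING between single quotes without escaping, so a quote character in either value changes the SQL statement; the new malloc() removes the fixed 300-byte limit but not the injection. Escape both values with mysql_real_escape_string() (or mysql_escape_string() on client libraries that predate it) into buffers of 2*len+1 bytes, then size and format qbuf from the escaped copies. The new malloc-failure return also skips the mysql_close(sock) that the query-failure path just below performs, which looks like a leaked connection. The enclosing function starts and ends outside this hunk.

```c
/* … unchanged: option lookup and connection setup … */
size_t ulen = strlen(userid), plen = strlen(password);
char *esc_user = malloc(2 * ulen + 1);
char *esc_pass = malloc(2 * plen + 1);
if (esc_user == NULL || esc_pass == NULL) {
    free(esc_user);
    free(esc_pass);
    mysql_close(sock);
    if (reply) { *reply = "cannot malloc memory for sql query"; }
    return SASL_FAIL;
}
mysql_real_escape_string(sock, esc_user, userid, ulen);
mysql_real_escape_string(sock, esc_pass, password, plen);
/* … unchanged apart from esc_user/esc_pass replacing userid/password: qbuf sizing and sprintf … */
/* release esc_user and esc_pass once qbuf has been built */
```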
@@ -166,13 +175,16 @@
+ mysql_free_result(result);
+ mysql_close(sock);
+ if ((numrows > 1) && (reply)) { *reply = "Detected duplicate entries for user"; }
++ free(qbuf);
+ return SASL_BADAUTH;
+ } else {
++ free(qbuf);
+ mysql_free_result(result);
+ mysql_close(sock);
+ return SASL_OK;
+ }
+ }
++ free(qbuf);
+ mysql_free_result(result);
+ mysql_close(sock);
+ return SASL_BADAUTH;
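Review bot: qbuf is not read again once mysql_query() has returned, yet it is released separately on each of the three return paths in this hunk and on the error path in the previous one; freeing it once, directly after the query call, leaves no path to miss. The buffer also holds the cleartext password, so it is worth overwriting before release, e.g. `memset(qbuf, 0, strlen(qbuf)); free(qbuf);`, keeping in mind that a compiler may drop a plain memset() that directly precedes free(). The function starts outside this hunk.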
@@ -182,6 +194,7 @@
+#ifdef HAVE_LDAP
+/* simon@surf.org.uk LDAP auth 07/11/2000
+ * Updated to 1.5.24 by SWH 09/12/2000
++ * changed to use malloc and simplify the auth by Simon@surf.org.uk 10/21/2000
+ */
+
+#define LDAP_SERVER "localhost"
@@ -215,24 +228,19 @@
+{
+
+ LDAP *ld;
-+ LDAPMessage *result;
-+ LDAPMessage *entry;
-+ char *attrs[2];
-+ char filter[200];
+ char *dn,
+ *ldap_server="",
+ *ldap_basedn="",
+ *ldap_uidattr="",
+ *port_num="";
+ int ldap_port = LDAP_PORT;
-+ int count;
+ sasl_getopt_t *getopt;
+ void *context;
+
+ /* If the password is NULL, reject the login...
+ * Otherwise the bind will succed as a reference bind. Not good...
+ */
-+ if (strcmp(password,"") == 0)
++ if (!userid || !password)
+ {
+ return SASL_BADPARAM;
+ }
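Review bot: The new guard `if (!userid || !password)` rejects NULL pointers but no longer rejects an empty password, which is the case the comment above it warns about: many directory servers treat a simple bind with a DN and a zero-length password as an unauthenticated bind and return LDAP_SUCCESS. Since the bind in the next hunk maps LDAP_SUCCESS to SASL_OK, an empty password could authenticate any userid, depending on server configuration. Keep both checks, `if (!userid || !password || *userid == '\0' || *password == '\0')`, and have the comment say "NULL or empty" to match. The function body continues outside this hunk.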
@@ -264,75 +272,31 @@
+ /* Open the LDAP connection. */
+ if ((ld = ldap_open(ldap_server, ldap_port)) == NULL)
+ {
-+ if (reply) { *reply = "cannot connect to LDAP server"; }
-+ return SASL_FAIL;
-+ }
-+
-+ /* Bind anonymously so that you can find the DN of the appropriate user. */
-+ if (ldap_simple_bind_s(ld,"","") != LDAP_SUCCESS)
-+ {
-+ ldap_unbind(ld);
-+ if (reply) { *reply = "cannot bind to LDAP server"; }
-+ return SASL_FAIL;
-+ }
-+
-+ /* Generate a filter that will return the entry with a matching UID */
-+ sprintf(filter,"(%s=%s)", ldap_uidattr,userid);
-+
-+ /* Just return country...This doesn't actually matter, since we will
-+ * not read the attributes and values, only the DN
-+ */
-+ attrs[0] = "c";
-+ attrs[1] = NULL;
-+
-+ /* Perform the search... */
-+ if (ldap_search_s(ld,ldap_basedn,LDAP_SCOPE_SUBTREE,filter,attrs,1,&result) != LDAP_SUCCESS )
-+ {
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
-+ }
-+
-+ /* If the entry count is not equal to one, either the UID was not unique or
-+ * there was no match
-+ */
-+ if ((count = ldap_count_entries(ld,result)) != 1)
-+ {
-+ ldap_msgfree(result);
-+ ldap_unbind(ld);
-+ if ((count > 1) && (reply)) { *reply = "Detected duplicate entries for user"; }
-+ return SASL_BADAUTH;
-+ }
-+
-+ /* Get the first entry */
-+ if ((entry = ldap_first_entry(ld,result)) == NULL)
-+ {
-+ ldap_msgfree(result);
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
++ if (reply) { *reply = "cannot connect to LDAP server"; }
++ return SASL_FAIL;
+ }
+
-+ /* Get the DN of the entry */
-+ if ((dn = ldap_get_dn(ld,entry)) == NULL)
-+ {
-+ ldap_msgfree(entry);
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
++ if ( (dn = (char *)malloc(strlen(ldap_uidattr)
++ +strlen(userid)+strlen(ldap_basedn)+3)) == NULL ) {
++ if (reply) { *reply = "cannnot allocate memory for ldap dn"; }
++ return SASL_FAIL;
+ }
++ /* Generate a dn that we will try and login with */
++ sprintf(dn,"%s=%s,%s", ldap_uidattr,userid,ldap_basedn);
+
-+ /* Now bind as the DN with the password supplied earlier...
-+ * Successful bind means the password was correct, otherwise the
-+ * password is invalid.
++ /*
++ * Just try and bind with the dn we have been given
++ * In most cases the basedn is correct.
++ * If this is not so I have a version or that too
++ * Simon@surf.org.uk
+ */
-+ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS)
-+ {
-+ free(dn);
-+ ldap_msgfree(entry);
-+ ldap_unbind(ld);
-+ return SASL_BADAUTH;
++ if (ldap_simple_bind_s(ld,dn,(char *)password) != LDAP_SUCCESS) {
++ free(dn);
++ ldap_unbind(ld);
++ return SASL_BADAUTH;
+ }
+
+ free(dn);
-+ ldap_msgfree(entry);
+ ldap_unbind(ld);
+ return SASL_OK;
+}
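Review bot: The new malloc-failure branch returns SASL_FAIL without `ldap_unbind(ld);`, although ld was opened just above, so the connection handle leaks on that path. userid is also copied into the DN by sprintf() unescaped; characters that are special in a DN let the caller name a different entry than `uidattr=userid` directly under the base DN, so reject them before ldap_open(), e.g. `if (strpbrk(userid, ",+=\"\\<>;") != NULL) return SASL_BADPARAM;`. The reply string also has a typo (`cannnot`). The function starts outside this hunk.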
@@ -342,7 +306,7 @@
struct sasl_verify_password_s _sasl_verify_password[] = {
{ "sasldb", &sasldb_verify_password },
#ifdef HAVE_KRB
-@@ -921,6 +1201,12 @@
+@@ -921,6 +1165,12 @@
#endif
#ifdef HAVE_PWCHECK
{ "pwcheck", &pwcheck_verify_password },